Last verified April 2026 · 9 min read
The CI caching playbook
Caching is the single biggest free lunch in CI. Three quarters of pipelines either misuse it or skip it entirely. A fresh npm install takes 60-180 seconds. Cached, it takes 3-10 seconds. The ROI on a well-configured cache is near-instant and the savings compound across every PR.
Layer 1: Dependency caching
Dependency caching is the fastest win available. See the dedicated dependency caching recipes page for per-ecosystem YAML for npm, pnpm, yarn, pip, poetry, maven, gradle, composer, cargo, go modules, and bundler. Most teams recover 30-60 minutes per day from this one change.
Layer 2: actions/cache (GitHub Actions native)
The actions/cache@v4 action provides a key-value cache store scoped to your repository. The most important detail: the 10 GB repository-wide cap. When the cap is reached, GitHub evicts the least recently used caches first.
- uses: actions/cache@v4
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-
Cache key strategy: hash the lockfile (package-lock.json, yarn.lock, pnpm-lock.yaml), not the package.json. Include the OS in the key. This gives you OS-specific caches that survive lockfile changes gracefully via the restore-keys fallback.
Layer 3: Docker layer cache
Docker layer caching is one of the highest-ROI optimisations for teams that build container images in CI. See Docker build optimisation for the full recipe including cache-from: type=gha and registry cache backends.
Layer 4: Turborepo remote cache
Turborepo remote cache stores task outputs (build artefacts, test results) in a shared cache. On a cache hit, Turborepo skips the task entirely and replays the output. For a 10-package monorepo, remote cache typically saves 30-60% of CI minutes.
Vercel hosts Turborepo remote cache for free for small teams. The self-hosted option uses S3 or R2 with a simple adapter. See monorepo strategies for cost comparisons.
# With Vercel Remote Cache
- run: npx turbo build test --filter='...[origin/main]'
  env:
    TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
    TURBO_TEAM: your-team-name
Layer 5: Nx Cloud
Nx Cloud provides remote cache plus distributed task execution. The free tier allows 500 CI pipeline hours per month. Pro starts at $300/month for unlimited CI hours. For large monorepos (50+ packages), the distributed execution feature can be as valuable as the cache itself.
Nx affected commands (nx affected:build) are the monorepo equivalent of the paths filter: run only what changed.
Layer 6: Bazel remote cache
Bazel remote cache stores build artifacts keyed on a content-addressable hash of inputs. At scale, a warmed Bazel remote cache can reduce CI time by 70-90% on incremental builds. The trade-off is Bazel setup cost: typically 2-6 months of migration for a large codebase.
Dropbox's published Bazel migration showed 10x build speed improvement on large C++/Python binaries and ~50% reduction in CI compute. See case studies for the full analysis.
When caching hurts
Small repositories with rapid dependency churn
If your lockfile changes on every PR, cache hit rates drop below 20%. At that point, cache restore + save time exceeds fresh install time for small dependency trees.
Too-broad cache keys
A cache key based on the entire repository hash (not just the lockfile) produces near-zero hit rates. Every commit creates a new cache key with no restore candidate.
Cache storage cost on heavy-artefact teams
GitHub Actions charges $0.25/GB/month for storage above the free allocation. A team storing 500 MB Docker build caches on every PR can exceed the free 500 MB in two builds. Monitor storage usage.
Security: never cache build output of untrusted code
If you run CI on forks (PRs from external contributors), cache poisoning is a real attack vector. Do not use read-write caches on fork builds: restore the cache read-only there, and write the cache only from main/merge-queue builds.
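The read-only/write split described above, as an added example that is not from the original page. It uses the actions/cache/restore and actions/cache/save sub-actions in place of the combined actions/cache step, and assumes an npm project with a test script and a default branch named main.

```yaml
# Added example (constructed workflow, not from the original page).
# Assumptions: npm project, "test" script in package.json, default branch "main".
name: ci
on:
  pull_request:          # includes PRs from forks: restore only
  merge_group:           # merge-queue builds: allowed to write
  push:
    branches: [main]     # trusted branch: allowed to write

permissions:
  contents: read         # the job needs no write scope on the repository

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Read-only restore: runs for every event and never uploads a cache.
      - name: Restore npm cache
        id: npm-cache
        uses: actions/cache/restore@v4
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-

      - run: npm ci
      - run: npm test

      # Write path: only on trusted events, and only when the exact key missed.
      # A pull_request run, fork or not, never reaches this step.
      - name: Save npm cache
        if: >-
          (github.event_name == 'push' || github.event_name == 'merge_group')
          && steps.npm-cache.outputs.cache-hit != 'true'
        uses: actions/cache/save@v4
        with:
          path: ~/.npm
          key: ${{ steps.npm-cache.outputs.cache-primary-key }}
```

Because the save step reuses the restore step's cache-primary-key output, the key expression is defined once and the two steps cannot drift apart.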
Worked cost example
10-DEV JS MONOREPO, NO CACHING BASELINE